CVE-2025-9071
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-08-29

Assigner: Switzerland Government Common Vulnerability Program

Description
Erroneously using an all-zero seed for RSA-OAEP padding instead of the generated random bytes, in Oberon microsystems AG’s Oberon PSA Crypto library in all versions up to 1.5.1, results in deterministic RSA and thus in a loss of confidentiality for guessable messages, recognition of repeated messages, and loss of security proofs.
Meta Information
Generated: 2026-05-07
AI Q&A: 2025-08-29
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: oberon_microsystems_ag
Product: oberon_psa_crypto
Version / Range: 1.5.1
CWE
CWE-780: The product uses the RSA algorithm but does not incorporate Optimal Asymmetric Encryption Padding (OAEP), which might weaken the encryption.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in Oberon microsystems AG’s Oberon PSA Crypto library (versions up to 1.5.1) involves the incorrect use of an all-zero seed instead of a cryptographically secure random seed for RSA-OAEP padding. OAEP padding normally uses a random seed to ensure that encrypting the same message multiple times produces different ciphertexts, providing semantic security. However, using an all-zero seed makes the encryption deterministic, meaning identical plaintexts produce identical ciphertexts. This breaks the security guarantees of RSA-OAEP, allowing attackers to recognize repeated messages and compromising confidentiality for guessable messages. [1]

How can this vulnerability impact me?

The vulnerability can lead to a loss of confidentiality for messages that are guessable, as attackers can identify repeated ciphertexts corresponding to the same plaintext. This deterministic encryption undermines the security of applications, protocol stacks, and SDKs that use RSA-OAEP for asymmetric encryption, potentially exposing sensitive data. However, key exchange protocols using RSA-OAEP are likely unaffected because the exchanged keys remain unpredictable. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by identifying if your system or applications are using Oberon PSA Crypto library versions 1.0.0 through 1.5.1 unpatched, specifically checking for the use of RSA-OAEP encryption that produces deterministic ciphertexts due to an all-zero seed. Detection may involve inspecting the library version in use and analyzing RSA-OAEP encrypted messages for repeated ciphertexts from identical plaintexts. However, no specific detection commands are provided in the available resources. [1]
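As an added illustration (not code from the page, the Oberon library, or the CVE record), the RFC 8017 EME-OAEP encoding step with the seed made an explicit parameter, beside the check the answer above describes: encode one plaintext repeatedly and flag any repeated output. The function names, the 2048-bit modulus size (k = 256) and the sample plaintext are assumptions.

```python
import hashlib
import os

H = hashlib.sha256
H_LEN = H().digest_size  # hLen = 32 bytes

def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation (RFC 8017, B.2.1) over SHA-256."""
    blocks = (length + H_LEN - 1) // H_LEN
    out = b"".join(H(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))
    return out[:length]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def eme_oaep_encode(message: bytes, k: int, seed: bytes, label: bytes = b"") -> bytes:
    """EME-OAEP encoding (RFC 8017, 7.1.1 step 2) for a k-byte modulus. The RSA
    exponentiation that follows is deterministic, so ciphertexts repeat iff this output does."""
    if len(seed) != H_LEN:
        raise ValueError("seed must be hLen bytes")
    if len(message) > k - 2 * H_LEN - 2:
        raise ValueError("message too long")
    ps = b"\x00" * (k - len(message) - 2 * H_LEN - 2)  # zero padding string
    db = H(label).digest() + ps + b"\x01" + message
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db

def eme_oaep_decode(em: bytes, k: int, label: bytes = b"") -> bytes:
    """Inverse of eme_oaep_encode; recovers the message from an encoded block."""
    masked_seed, masked_db = em[1:1 + H_LEN], em[1 + H_LEN:]
    seed = xor(masked_seed, mgf1(masked_db, H_LEN))
    db = xor(masked_db, mgf1(seed, k - H_LEN - 1))
    if em[0] != 0 or db[:H_LEN] != H(label).digest():
        raise ValueError("decoding error")
    return db[H_LEN:].lstrip(b"\x00")[1:]  # drop PS and the 0x01 separator

def buggy_encode(message: bytes, k: int) -> bytes:
    """Models the defect: an all-zero seed where random bytes belong."""
    return eme_oaep_encode(message, k, b"\x00" * H_LEN)

def fixed_encode(message: bytes, k: int) -> bytes:
    """Correct behaviour: a fresh random hLen-byte seed for every encryption."""
    return eme_oaep_encode(message, k, os.urandom(H_LEN))

def oaep_is_deterministic(encode_fn, k: int = 256, trials: int = 3) -> bool:
    """Defender's check: encode one message several times; OAEP output must
    never repeat, so a repeat means a fixed seed (or a broken RNG)."""
    msg = b"constructed test message"  # constructed sample plaintext
    return len({encode_fn(msg, k) for _ in range(trials)}) == 1
```

The same check works against a real library by wrapping its RSA-OAEP encrypt call in place of the encode functions, since the modular exponentiation adds no randomness of its own.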
What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the Oberon PSA Crypto library to version 1.5.1 or later, where the issue has been fixed by applying the rsa_oaep_padding.patch. This upgrade ensures that a cryptographically secure random seed is used for RSA-OAEP padding, restoring confidentiality and security guarantees. [1]